US11665166B2 - Secure computing platform - Google Patents
- Publication number
- US11665166B2 (application US16/681,802)
- Authority
- US
- United States
- Prior art keywords
- computer
- vdi
- server
- function limited
- virtual desktop
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
- G06F9/452—Remote windowing, e.g. X-Window System, desktop virtualisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Definitions
- The technology relates generally to computer security and more specifically, but not exclusively, to a function limited computer that only performs predefined function(s), and is controlled, monitored, and administered by a central authority.
- Network and/or computer security is a problem whenever a computer is utilized over an unsecured network such as the Internet and/or when users of the computer can add and/or run unauthorized programs and/or processes and/or connect with questionable websites. It is difficult to maintain and monitor the security of such a computer and/or network.
- the instant disclosure identifies and addresses a need for a computer with limited capabilities. There is a need for a limited capability computer that can be controlled, monitored and/or administered by a central authority.
- a minimal purpose machine for accessing a network includes a graphical user interface (GUI) and a connection broker configured to connect the GUI to a remote server and receive a virtual desktop from the remote server and display the virtual desktop on the GUI.
- An access control module prevents unauthorized access to the network.
- An authentication control module prevents unauthorized access to the machine, and a kernel level process control module prevents an unauthorized process from running on the machine.
- a method for providing a minimal purpose machine for accessing a network.
- the method includes a computer logging into a virtual desktop infrastructure (VDI) server via a connection broker.
- VDI server provides via the connection broker, a virtual desktop to the computer.
- the virtual desktop provides a preset number of functions to the computer.
- the VDI server connects the computer to an Internet Protocol (IP) address via a virtual private network and monitors communications between the computer and the IP address.
- a non-transitory computer-readable medium may include one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to login to a virtual desktop infrastructure (VDI) server via a connection broker and receive from the VDI server, via the connection broker, a virtual desktop.
- the virtual desktop provides a preset number of functions to the function limited computer.
- the computer-executable instructions further cause the computing device to connect to an Internet Protocol (IP) address via the VDI server and a virtual private network.
- FIGS. 1 A-C provide a flow chart illustrating steps performed by the system in accordance with one or more embodiments of the technology.
- FIGS. 1 A-C apparatus and methods for providing a limited capabilities computer which may be controlled, monitored and/or administered by a central authority.
- Principles and operations of the technology may be better understood with reference to the drawings and the accompanying description.
- “computer” or “device” means a mobile phone, laptop computer, tablet computer, personal digital assistant (“PDA”), desktop computer, electronic reader (“e-reader”), mobile game console, smart watch, smart glasses, voice assistant devices, or any other device which can connect to a network and transmit and receive data. It may also be used to refer to peripheral devices used with such devices.
- remote means accessible via a network wherein at least two of the devices do not need to be collocated to communicate.
- FIGS. 1 A-C illustrate a functional chart of a system 100 which may provide a limited capabilities computer which may be controlled, monitored and/or administered by a central authority.
- the technology may include the following general subcategories: Infrastructure, Secure Connectivity, Access Controls, Authentication Controls, and Kernel Level Process Controls.
- the subcategories may be tied together by a central authority which may implement, control, secure, audit, and/or amalgamate the information into one or more reports.
- the limited functionality of the system increases the security of the system by only permitting pre-approved secured processes and applications to run on the system and increases the efficacy of security monitoring and maintenance techniques and procedures through the increased transparency inherent in the limited processes of a system of limited functionality.
- VDI Virtual Desktop Infrastructure
- Connection Broker 110
- End-User Computer 112
- VDI is an established practice in information technology and is prominently featured across many organizations.
- VDI infrastructure is used to deploy virtual desktops, which may be stored with the central authority or some other location that is accessible by the central authority, to an end-user's computer that has the security features discussed herein.
- Using a VDI system allows the central authority to return the VDI 102 to a ‘clean state’ at the end of an end-user's session, which mitigates the ability of a cyber actor to maintain a persistent presence on a system.
- Secure connectivity may include connecting the end-user computer to the VDI Server 102 through the connection broker 110 and connecting the end-user computer 112 to a predefined Internet Protocol (IP) address or to an IP address determined by the client 106 .
- the connectivity may be achieved through a Virtual Private Network (VPN) 104 that tunnels all network traffic from the end-user computer 112 to a VPN server under the control of the central authority.
- the VDI Server 102 may use the connection broker 110 to deploy a virtual desktop to the end-user computer 112 .
- the VPN 104 will tunnel all outgoing and incoming web traffic through the Central Authority's VPN server.
- web traffic going to an IP Address that is not on the whitelist may be blocked before any connections can be created 108 .
- an IP address that is not on the whitelist may be analyzed by the Central Authority to determine if it should be included on the whitelist (permanently or temporarily). The analysis could automatically occur, occur after requested by a user, or automatically occur after a certain number of attempts by one or more users to access that IP address. The results of the analysis may be collected by the Central Authority and reported 142 to the end-user or some other assigned recipient.
- Access Control 144 refers to technical controls that can be implemented to prevent unauthorized individuals from accessing data and/or applications housed in a system.
- the technology may employ a variety of access controls to prevent unauthorized access to the system.
- These controls 144 may include one or more of the following:
- Full Disk Encryption 146: This process uses cryptography to encrypt the entirety of the end-user's hard drive. Thus, anyone who does not have the predefined passcode/key to the system cannot access the system or any data contained in it.
- Elimination of All Extraneous User Accounts 148: the technology only contains a single user account on the end-user's virtual desktop, which prevents alternate avenues of ingress for illicit actors.
- Limiting User Permissions 152: the single user may be provided the minimum permissions necessary to achieve the predefined function.
- Limiting User Privileges 154: the user may be provided with minimum privileges 150 or a limited amount of privileges to achieve the predefined function or possibly a limited amount more.
- Terminating User Sessions: after a set period of inactivity the system may terminate the user session 158 . Additionally, the Central Authority may have the ability to terminate an end-user's session. In one or both of these scenarios the end-user may be provided a notification of the imminent termination and be provided with the option to continue the session. The option to continue may be as simple as a mouse click or it may require proof of identity to prevent someone other than the end-user from hijacking the computer while the end-user is away.
- Auditing User and Access Activity 156: user access and general activity data may be collected, audited 160 and aggregated 124 by the Central Authority, which may then analyze the data and generate one or more reports 142 . The audit may take place in real-time, and/or at scheduled times and/or after predetermined amounts of activity.
- Authentication control refers to technical controls implemented to ensure that whoever is accessing a system is authorized.
- a centrally managed multi-factor authentication system may be employed.
- a password or other access authentication protocol with best practices for complexity being preferred but not required, may be employed and the end-user may be provided a choice as to at least one additional method for authentication.
- additional methods may include, but are not limited to, mobile phone push authentication 116 , emailed code authentication, token authentication 118 , or biometric authentication (including, but not limited to fingerprint or facial recognition) 120 . These methods will be implemented using established industry best practices preferably, but other practices may be employed.
- An end-user may select a computer to be pre-authenticated to a system when connecting from one or more predetermined IP Addresses thus requiring fewer forms of authentication to access the system. All authentication data may be audited 122 , collected, and/or sent to the Central Authority for analysis and report generation 142 . Furthermore, systems may be pre-registered with the central server to allow only certain user accounts to log-in. If any other user account attempts to log-in, access can be temporarily denied until additional steps are taken to authenticate the user or an authorized user is contacted, to ensure that only the approved users are attempting to log-in.
- the system may also include continuous, periodic and/or random physical, hardware and process authentication 162 .
- the system could ensure that any character being inputted into the system corresponds to a physical click of that character on the initial keyboard physically supplied with the system. It could also continuously ensure that no peripheral hardware devices are connected in any manner to the system's motherboard. The same may be applied to other physical input devices, such as but not limited to a mouse, biometric identification mechanism, GPS device, or any other input mechanism.
- the system may also include physical location authentication using a combination of one or more geolocation processes (GPS, network-based geolocation, geo-fencing etc.) to ensure that a device attached to the system is being deployed in the physical location where it is authorized to operate.
- the system may also validate hardware and software present on the physical device each time it starts up 164 . If a discrepancy is detected from the registered set-up, the system may prevent boot-up, or it may require additional authentication steps for the unidentified hardware or software.
- Kernel Level Process Controls: the technology may also feature kernel level process execution control which may prevent execution of a process on the kernel of the operating system which is not preapproved by the central authority.
- a source of security vulnerability is either the running of unsecured processes or the hijacking of secure processes to corrupt them and tamper with the results.
- If only secure processes run on the system and the functioning of these processes is continuously monitored, maintained, and validated, breaching the system becomes exceedingly difficult.
- Execution control may be implemented using a blacklist and whitelist 126 to check all processes running on the end-user computer.
- the system may check if the process is on the blacklist 130 or whitelist 134 using unique process identifiers.
- the Kernel may refuse to run the process 132 .
- the process may execute the process 138 . If the process is not found on either list, the system may be configured in different ways.
- the Kernel may run the process.
- the Kernel may refuse to run the process 132 / 136 .
- the server may be notified and then the process may be manually authorized or rejected.
- the kernel level process control may only implement a whitelist or a blacklist. If only a whitelist is implemented, and a process is on the whitelist the process may be approved and run. If only a whitelist is implemented, and the process is not on the whitelist, then the process may be rejected, or the server may be notified and then the process may be manually authorized or rejected. If only a blacklist is implemented, and the process is on the blacklist the process may be rejected. If only a blacklist is implemented, and the process is not on the blacklist the process may be allowed, or the server may be notified and then the process may be manually authorized or rejected.
- the central authority may maintain the list(s). Upon the end-user connecting to the Internet (or some other network), it may check for updates to the list(s). Additionally, in one or more embodiments, a system may only whitelist those processes necessary to achieve the single function that was predefined by or for the end-user. Finally, all kernel process information, including those processes which are terminated and those which are executed may be audited and collected for further analysis at the Central Authority.
- System Validation 162: the initial state of the end-user system may be stored and protected 164 . This may include all hardware, software, and drivers that are present on the system. Using cryptographic validation, the end-user system may run a self-check upon initialization to ensure there is no additional hardware, software, or driver present on the system 166 . If the cryptographic validation process fails, the computer may notify the Central Authority and lock down, preventing the end-user from providing any information to a potentially compromised system, or it may require or allow further steps to authenticate and add the additional hardware, software, and/or drivers.
- the Central Authority may maintain the VDI Infrastructure 102 , the VPN Server, and advanced security tools necessary to maintain, monitor, and analyze the log data which is created by the end-user system. This information may be fed into commercial advanced correlation engines which will further drill down on potential malicious cyber activity. Upon completion of the Central Authority's analysis efforts, a report may be generated 142 containing summaries of the analyzed data and conclusions drawn therein.
- the computer system may be any suitable apparatus, system or device, electronic, optical, or a combination thereof.
- the computer system may be a programmable data processing apparatus, a computer, a Digital Signal Processor, an optical computer or a microprocessor.
- the computer program may be embodied as source code and undergo compilation for implementation on a computer, or may be embodied as object code, for example.
- the computer program can be stored on a carrier medium in computer usable form, which is also envisaged as an aspect of the technology.
- the carrier medium may be solid-state memory, optical or magneto-optical memory such as a readable and/or writable disk for example a compact disk (CD) or a digital versatile disk (DVD), or magnetic memory such as disk or tape, and the computer system can utilize the program to configure it for operation.
- the computer program may also be supplied from a remote source embodied in a carrier medium such as an electronic signal, including a radio frequency carrier wave or an optical carrier wave.
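The kernel level process control passage above describes a decision over a blacklist, a whitelist and a configurable outcome for unlisted processes. The sketch below is an added example, not code from the patent: it assumes the "unique process identifier" is a SHA-256 of the executable image and that a process on both lists is refused, and all class and function names are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Verdict(Enum):
    RUN = "run"
    REFUSE = "refuse"
    PENDING = "pending"   # held until the server authorizes or rejects it


class Unknown(Enum):      # what to do with a process found on no list
    RUN = "run"
    REFUSE = "refuse"
    NOTIFY = "notify"


def process_id(image: bytes) -> str:
    """Assumption: the 'unique process identifier' is the SHA-256 of the image."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class ExecutionControl:
    whitelist: Optional[set] = None      # None means the list is not implemented
    blacklist: Optional[set] = None
    unknown: Unknown = Unknown.REFUSE
    audit_log: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)

    def __post_init__(self):
        if self.whitelist is None and self.blacklist is None:
            raise ValueError("at least one list must be implemented")
        # The page gives a whitelist-only system two outcomes for an unlisted
        # process (reject or notify) and a blacklist-only system two (allow or notify).
        if self.blacklist is None and self.unknown is Unknown.RUN:
            raise ValueError("whitelist-only control cannot run unlisted processes")
        if self.whitelist is None and self.unknown is Unknown.REFUSE:
            raise ValueError("blacklist-only control would refuse every process")

    def check(self, name: str, image: bytes) -> Verdict:
        pid = process_id(image)
        # Assumption: a process on both lists is refused (blacklist wins).
        if self.blacklist is not None and pid in self.blacklist:
            verdict, reason = Verdict.REFUSE, "blacklisted"
        elif self.whitelist is not None and pid in self.whitelist:
            verdict, reason = Verdict.RUN, "whitelisted"
        elif self.unknown is Unknown.NOTIFY:
            verdict, reason = Verdict.PENDING, "unlisted, server notified"
            self.pending[pid] = name
        elif self.unknown is Unknown.RUN:
            verdict, reason = Verdict.RUN, "unlisted, allowed by policy"
        else:
            verdict, reason = Verdict.REFUSE, "unlisted, refused by policy"
        self._audit(name, pid, verdict, reason)
        return verdict

    def resolve(self, pid: str, approve: bool) -> Verdict:
        """Manual authorization or rejection of a pending process by the server."""
        name = self.pending.pop(pid)          # KeyError if nothing is pending
        target = self.whitelist if approve else self.blacklist
        if target is not None:                # remember the decision if that list exists
            target.add(pid)
        verdict = Verdict.RUN if approve else Verdict.REFUSE
        self._audit(name, pid, verdict, "manual decision by server")
        return verdict

    def _audit(self, name, pid, verdict, reason):
        # Executed and refused processes are both recorded for the central authority.
        self.audit_log.append({"process": name, "id": pid,
                               "verdict": verdict.value, "reason": reason})


# Constructed sample images (stand-ins for executable files).
BROKER = b"connection-broker v1"
MINER = b"coin-miner"
EDITOR = b"text-editor"


def demo():
    ctl = ExecutionControl(whitelist={process_id(BROKER)},
                           blacklist={process_id(MINER)},
                           unknown=Unknown.NOTIFY)
    results = [ctl.check("broker", BROKER), ctl.check("miner", MINER),
               ctl.check("editor", EDITOR)]
    results.append(ctl.resolve(process_id(EDITOR), approve=True))
    results.append(ctl.check("editor", EDITOR))   # now whitelisted
    return results, ctl.audit_log


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

The constructor rejects the two configurations the description does not offer: a whitelist-only control that runs unlisted processes, and a blacklist-only control that refuses them.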
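The System Validation passage above describes storing a protected initial state and running a cryptographic self-check at start-up. The sketch below is an added example, not code from the patent: the page does not name a mechanism, so an HMAC-SHA-256 over a canonical inventory is assumed, the device key is assumed to be held where the end-user cannot alter it, and all names and inventory entries are constructed.

```python
import hashlib
import hmac
import json


def canonical(inventory: dict) -> bytes:
    """Stable byte encoding of {category: [items]} so equal inventories match."""
    ordered = {cat: sorted(items) for cat, items in inventory.items()}
    return json.dumps(ordered, sort_keys=True, separators=(",", ":")).encode()


def seal(inventory: dict, key: bytes) -> dict:
    """Store the initial state together with an integrity tag (assumed HMAC)."""
    body = canonical(inventory)
    return {"inventory": json.loads(body),
            "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


def self_check(baseline: dict, current: dict, key: bytes,
               on_mismatch: str = "lock_down"):
    """Return (action, findings); action is boot, lock_down or reauthenticate."""
    expected = hmac.new(key, canonical(baseline["inventory"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, baseline["tag"]):
        # Design choice in this sketch: a tampered baseline always locks down,
        # because nothing it lists can be trusted for a comparison.
        return "lock_down", ["stored baseline failed its integrity check"]
    findings = []
    for category in sorted(set(baseline["inventory"]) | set(current)):
        known = set(baseline["inventory"].get(category, []))
        seen = set(current.get(category, []))
        findings += [f"added {category}: {item}" for item in sorted(seen - known)]
        findings += [f"missing {category}: {item}" for item in sorted(known - seen)]
    if not findings:
        return "boot", []
    # The page allows either locking down and notifying the central authority,
    # or requiring further authentication of the new component.
    return on_mismatch, findings


# Constructed sample data.
DEVICE_KEY = b"constructed-device-key"
REGISTERED = {"hardware": ["keyboard-0", "nic-0"],
              "software": ["connection-broker-1.0"],
              "drivers": ["nic.ko"]}


def demo():
    baseline = seal(REGISTERED, DEVICE_KEY)
    clean = self_check(baseline, REGISTERED, DEVICE_KEY)
    with_usb = dict(REGISTERED, hardware=REGISTERED["hardware"] + ["usb-storage-0"])
    added = self_check(baseline, with_usb, DEVICE_KEY, on_mismatch="reauthenticate")
    # An attacker edits the stored baseline to include the device, without the key.
    forged = {"inventory": with_usb, "tag": baseline["tag"]}
    tampered = self_check(forged, with_usb, DEVICE_KEY)
    return clean, added, tampered


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The third case shows why the stored state must itself be protected: without the tag check, editing the baseline would make the added device pass the comparison.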
Claims (19)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/681,802 US11665166B2 (en) | 2018-11-09 | 2019-11-12 | Secure computing platform |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201862758195P | 2018-11-09 | 2018-11-09 | |
US16/681,802 US11665166B2 (en) | 2018-11-09 | 2019-11-12 | Secure computing platform |
Publications (2)
Publication Number | Publication Date |
---|---|
US20200186532A1 | 2020-06-11 |
US11665166B2 | 2023-05-30 |
Family
ID=70972644
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/681,802 Active 2040-12-02 US11665166B2 (en) | 2018-11-09 | 2019-11-12 | Secure computing platform |
Country Status (1)
Country | Link |
---|---|
US (1) | US11665166B2 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11483293B1 (en) | 2021-06-07 | 2022-10-25 | Cdw Llc | Methods and systems for providing virtual desktop infrastructure via secure classified remote access as a service |
US20220417319A1 (en) * | 2021-06-28 | 2022-12-29 | Dell Products L.P. | System and method for edge analytics in a virtual desktop environment |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050071282A1 (en) * | 2003-09-29 | 2005-03-31 | Lu Hongqian Karen | System and method for preventing identity theft using a secure computing device |
US20090282359A1 (en) * | 2008-05-12 | 2009-11-12 | Microsoft Corporation | Virtual desktop view scrolling |
US20120303762A1 (en) * | 2011-05-23 | 2012-11-29 | Devon It, Inc. | Zero Configuration Set-Up for Thin Client Computers |
US20130311990A1 (en) * | 2010-10-12 | 2013-11-21 | Transoft (Shanghai), Inc. | Client-side virtualization architecture |
US20140122875A1 (en) * | 2012-10-31 | 2014-05-01 | Ubs Ag | Container-based management at a user device |
US20160057135A1 (en) * | 2014-08-20 | 2016-02-25 | Vmware, Inc. | Accessing virtual desktops via image scanning |
US20160057123A1 (en) * | 2014-08-20 | 2016-02-25 | Vmware, Inc. | Pushing a virtual desktop session from an authenticated device using image scanning |
US20160112540A1 (en) * | 2014-10-16 | 2016-04-21 | Futurewei Technologies, Inc. | System and Method for Virtual Desktop Infrastructure User Level Virtual Channel |
US20160350018A1 (en) * | 2015-05-27 | 2016-12-01 | Red Hat Israel, Ltd. | Exit-less host memory locking in a virtualized environment |
US20180144124A1 (en) * | 2016-11-23 | 2018-05-24 | 2236008 Ontario Inc. | Path-based access control for message-based operating systems |
US20190391712A1 (en) * | 2018-06-25 | 2019-12-26 | Citrix Systems, Inc. | Unified Display For Virtual Resources |
US10742649B1 (en) * | 2016-01-07 | 2020-08-11 | Sykes Enterprises, Incorporated | Secure authentication and virtual environment setup |
US11423400B1 (en) * | 1999-06-18 | 2022-08-23 | Stripe, Inc. | Method and apparatus for ordering goods, services and content over an internetwork using a virtual payment account |
-
2019
- 2019-11-12 US US16/681,802 patent/US11665166B2/en active Active
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11423400B1 (en) * | 1999-06-18 | 2022-08-23 | Stripe, Inc. | Method and apparatus for ordering goods, services and content over an internetwork using a virtual payment account |
US7392534B2 (en) * | 2003-09-29 | 2008-06-24 | Gemalto, Inc | System and method for preventing identity theft using a secure computing device |
US20050071282A1 (en) * | 2003-09-29 | 2005-03-31 | Lu Hongqian Karen | System and method for preventing identity theft using a secure computing device |
US20090282359A1 (en) * | 2008-05-12 | 2009-11-12 | Microsoft Corporation | Virtual desktop view scrolling |
US20130311990A1 (en) * | 2010-10-12 | 2013-11-21 | Transoft (Shanghai), Inc. | Client-side virtualization architecture |
US20120303762A1 (en) * | 2011-05-23 | 2012-11-29 | Devon It, Inc. | Zero Configuration Set-Up for Thin Client Computers |
US20140122875A1 (en) * | 2012-10-31 | 2014-05-01 | Ubs Ag | Container-based management at a user device |
US20160057135A1 (en) * | 2014-08-20 | 2016-02-25 | Vmware, Inc. | Accessing virtual desktops via image scanning |
US20160057123A1 (en) * | 2014-08-20 | 2016-02-25 | Vmware, Inc. | Pushing a virtual desktop session from an authenticated device using image scanning |
US20160112540A1 (en) * | 2014-10-16 | 2016-04-21 | Futurewei Technologies, Inc. | System and Method for Virtual Desktop Infrastructure User Level Virtual Channel |
US20160350018A1 (en) * | 2015-05-27 | 2016-12-01 | Red Hat Israel, Ltd. | Exit-less host memory locking in a virtualized environment |
US10742649B1 (en) * | 2016-01-07 | 2020-08-11 | Sykes Enterprises, Incorporated | Secure authentication and virtual environment setup |
US20180144124A1 (en) * | 2016-11-23 | 2018-05-24 | 2236008 Ontario Inc. | Path-based access control for message-based operating systems |
US20190391712A1 (en) * | 2018-06-25 | 2019-12-26 | Citrix Systems, Inc. | Unified Display For Virtual Resources |
Non-Patent Citations (8)
Title |
---|
A Dynamic Network Access Control Mechanism for Virtual Desktop. Lin. IEICE. (Year: 2013). * |
A Remote Thin Client System for Real Time Multimedia Streaming Over VNC. Tan. IEEE. (Year: 2010). * |
A Service Broker and Business Model for SaaS Applications. Moore. IEEE. (Year: 2009). * |
Android OS with its Architecture and Android Application with Dalvik Virtual Machine Review. Shaheen. IJMUE. (Year: 2017). * |
Case Notes: Factors Influencing the Adoption of Virtual Desktop Infrastructure (VDI) Within the South African Banking Sector. Sekwakwa. AJIC. (Year: 2015). * |
Design and Implementation of A Network Application Architecture for Thin Clients. Kuo. IEEE. (Year: 2002). * |
Scheme of Cloud Desktop Based on Citrix. Liu. Springer. (Year: 2018). * |
Virtual Computing Laboratories Extension with Virtual Desktop Infrastructure for Smart Campus on a Cloud Computing. Song. ASTL. (Year: 2013). * |
Also Published As
Publication number | Publication date |
---|---|
US20200186532A1 (en) | 2020-06-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220292180A1 (en) | Systems and methods for offline usage of saas applications | |
US11658993B2 (en) | Systems and methods for traffic inspection via an embedded browser | |
US11895096B2 (en) | Systems and methods for transparent SaaS data encryption and tokenization | |
ES2881877T3 (en) | System and method for biometric protocol standards | |
AU2019347708B2 (en) | Systems and methods for consistent enforcement policy across different saas applications via embedded browser | |
US11647025B2 (en) | Systems and methods for continuous authentication | |
EP3876499B1 (en) | Native remote access to target resources using secretless connections | |
US11841931B2 (en) | Systems and methods for dynamically enforcing digital rights management via embedded browser | |
US11159552B2 (en) | Systems and methods for an embedded browser | |
EP3687139B1 (en) | Secure provisioning and validation of access tokens in network environments | |
US11411904B2 (en) | Systems and methods for filtering notifications for end points associated with a user | |
US11665166B2 (en) | Secure computing platform | |
US20220130401A1 (en) | Systems and methods for watermarking audio of saas applications | |
EP4332802A1 (en) | Pki smart-card threat detection and endpoint use visibility |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | FEPP | Fee payment procedure | Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: MICROENTITY |
 | FEPP | Fee payment procedure | Free format text: ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: MICROENTITY |
 | FEPP | Fee payment procedure | Free format text: ENTITY STATUS SET TO MICRO (ORIGINAL EVENT CODE: MICR); ENTITY STATUS OF PATENT OWNER: MICROENTITY |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: FINAL REJECTION MAILED |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: ADVISORY ACTION MAILED |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
 | STCF | Information on status: patent grant | Free format text: PATENTED CASE |